Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cloudflare_access_application should be replaced when auth_type is changed. #3314

Closed
3 tasks done
F21 opened this issue May 17, 2024 · 3 comments · Fixed by #3332
Closed
3 tasks done

cloudflare_access_application should be replaced when auth_type is changed. #3314

F21 opened this issue May 17, 2024 · 3 comments · Fixed by #3332
Labels
kind/bug Categorizes issue or PR as related to a bug. triage/needs-information Indicates an issue needs more information in order to work on it.
Milestone
v4.35.0

Comments

@F21
Copy link
Contributor

F21 commented May 17, 2024
edited
Loading

Confirmation

  • This is a bug with an existing resource and is not a feature request or enhancement. Feature requests should be submitted with Cloudflare Support or your account team.
  • I have searched the issue tracker and my issue isn't already found.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.8.3
on linux_amd64

  • provider registry.terraform.io/cloudflare/cloudflare v4.33.0

Affected resource(s)

  • cloudflare_access_application

Terraform configuration files

resource "cloudflare_access_application" "test" {
  account_id           = "REDACTED"
  name                 = "REDACTED"
  type                 = "saas"
  saas_app {
    auth_type        = "oidc"
    redirect_uris    = ["REDACTED"]
    scopes           = ["openid", "groups", "email", "profile"]
    app_launcher_url = "REDACTED"
  }
}

Link to debug output

N/a

Panic output

No response

Expected output

The access application should be deleted and recreated.

Actual output

The request fails:

Error: error updating Access Application for accounts "XXX": error from makeRequest: received internal server error response (HTTP 500), please try again later
│
│   with cloudflare_access_application.test,
│   on test.tf line 9, in resource "cloudflare_access_application" "test":
│    9: resource "cloudflare_access_application" "test" {
│

Steps to reproduce

  1. Create SAML version of an access application:
resource "cloudflare_access_application" "test" {
  account_id           = "REDACTED"
  name                 = "test"
  type                 = "saas"
  saas_app {
    consumer_service_url = "test"
    sp_entity_id         = "test"
    name_id_format       = "email"
  }
}
  1. Terraform apply
  2. Update the resource to oidc:
resource "cloudflare_access_application" "test" {
  account_id           = "REDACTED"
  name                 = "REDACTED"
  type                 = "saas"
  saas_app {
    auth_type        = "oidc"
    redirect_uris    = ["REDACTED"]
    scopes           = ["openid", "groups", "email", "profile"]
    app_launcher_url = "REDACTED"
  }
}
  1. Terraform apply.
  2. Terraform apply fails.

Additional factoids

When creating an application in the UI, it specifically states that the auth_type cannot be changed and the application will need to be recreated:

Choose an authentication method: Security Assertion Markup Language (SAML) or OpenID Connect (OIDC). Once the application is created, you will not be able to change this setting.

References

No response
@F21 F21 added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels May 17, 2024
@github-actions GitHub Actions
Copy link
Contributor

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions GitHub Actions
Copy link
Contributor

Thank you for reporting this issue! For maintainers to dig into issues it is required that all issues include the entirety of TF_LOG=DEBUG output to be provided. The only parts that should be redacted are your user credentials in the X-Auth-Key, X-Auth-Email and Authorization HTTP headers. Details such as zone or account identifiers are not considered sensitive but can be redacted if you are very cautious. This log file provides additional context from Terraform, the provider and the Cloudflare API that helps in debugging issues. Without it, maintainers are very limited in what they can do and may hamper diagnosis efforts.

This issue has been marked with triage/needs-information and is unlikely to receive maintainer attention until the log file is provided making this a complete bug report.

@github-actions github-actions bot added triage/needs-information Indicates an issue needs more information in order to work on it. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels May 17, 2024
@F21 F21 mentioned this issue May 28, 2024
Merged
@github-actions github-actions bot added this to the v4.35.0 milestone May 30, 2024
@github-actions GitHub Actions
Copy link
Contributor

This functionality has been released in v4.35.0 of the Terraform Cloudflare Provider.

Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 12, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. triage/needs-information Indicates an issue needs more information in order to work on it.
Projects
None yet
Milestone
v4.35.0
1 participant
@F21